Unofficial ChatGPT mobile apps pose privacy risk - Mobile Privacy Briefing 2023.095

Top10VPN researchers uncovered privacy violations in the top 10 unofficial ChatGPT apps on the Apple App and Android Play Stores. I say unofficial because OpenAI does not offer official ChatGPT mobile apps (you should use ChatGPT via the web interface).

It’s not surprising that a technology that exploded into the mainstream so quickly would also create an opportunity for privacy (and probably security) abuse. Many folks are probably not aware that these apps are unofficial and certainly don’t inspect what sort of data is collected.

Some of the highlights (or perhaps lowlights) from the research include:

  • sharing location data with ByteDance (TikTok), Amazon and more
  • ability to record audio
  • potentially log question and answer traffic
  • charging a fee while ChatGPT is a free service
  • allowing multiple 3rd party trackers
  • Misrepresenting data collection in app’s App Store privacy label

Since these are not security vulnerabilities, the article is able to provide full details on the specific apps and what the issues are so if you have one of these apps installed, you should probably check out the details from the researcher.

Better yet, don’t use any unofficial ChatGPT mobile apps!